Common use of Xxxxxxx Associates shall Clause in Contracts

Xxxxxxx Associates shall. 2.5.1 only process the Personal Data for the purposes of performing its obligations under this Agreement and in accordance with the written instructions given by the Customer from time to time, unless Xxxxxxx Associates is subject to an obligation under applicable law (including Data Protection Law) of the European Union or a member state of the European Union to do otherwise, in which case Xxxxxxx Associates shall (to the extent permitted by law) notify the Customer in advance of that legal obligation; 2.5.2 notify the Customer immediately if, in Xxxxxxx Associates' opinion, an instruction from the Customer breaches a requirement of Data Protection Law); and 2.5.3 Xxxxxxx Associates shall implement and maintain all adequate and appropriate technical and organisational measures and controls to prevent unauthorised or unlawful processing of Personal Data and accidental loss, destruction, damage, theft, use or disclosure of such Personal Data, and shall protect against any anticipated threats or hazards to the security or integrity of the Personal Data, and detect and prevent unauthorized processing of, or unauthorized access to, the Personal Data, and such measures shall at a minimum meet the standard required by Data Protection Law, including (without limitation) the standard required by Article 32 of the UK GDPR, even if Xxxxxxx Associates is not subject to the requirements of the UK GDPR. 2.5.4 not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled: (i) the Customer or Xxxxxxx Associates has provided appropriate safeguards in relation to the transfer; (ii) the Data Subject has enforceable rights and effective legal remedies; (iii) Xxxxxxx Associates complies with its obligations under Data Protection Law by providing an adequate level of protection to any Personal Data that is transferred; (iv) Xxxxxxx Associates complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data; 2.5.5 assist the Customer, at the Customer's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Law with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; 2.5.6 notify the Customer without undue delay on becoming aware of a Personal Data breach.

Xxxxxxx Associates shall. 2.5.1 only process the Personal Data for the purposes of performing its obligations under this Agreement and in accordance with the written instructions given by the Customer from time to time, unless Xxxxxxx Associates is subject to an obligation under applicable law (including Data Protection Law) of the European Union or a member state of the European Union to do otherwise, in which case Xxxxxxx Associates shall (to the extent permitted by law) notify the Customer in advance of that legal obligation; 2.5.2 notify the Customer immediately if, in Xxxxxxx Associates' opinion, an instruction from the Customer breaches a requirement of Data Protection Law); and 2.5.3 Xxxxxxx Associates shall implement and maintain all adequate and appropriate technical and organisational measures and controls to prevent unauthorised or unlawful processing of Personal Data and accidental loss, destruction, damage, theft, use or disclosure of such Personal Data, and shall protect against any anticipated threats or hazards to the security or integrity of the Personal Data, and detect and prevent unauthorized processing of, or unauthorized access to, the Personal Data, and such measures shall at a minimum meet the standard required by Data Protection Law, including (without limitation) the standard required by Article 32 of the UK GDPR, even if Xxxxxxx Associates is not subject to the requirements of the UK GDPR. 2.5.4 not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled: (i) the Customer or Xxxxxxx Associates Associate’s has provided appropriate safeguards in relation to the transfer; (ii) the Data Subject has enforceable rights and effective legal remedies; (iii) Xxxxxxx Associates Associate’s complies with its obligations under the Data Protection Law by providing an adequate level of protection to any Personal Data that is transferred; (iv) Xxxxxxx Associates the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data; 2.5.5 assist the Customer, at the Customer's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Law with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; 2.5.6 notify the Customer without undue delay on becoming aware of a Personal Data breach.